Jérôme Segura
Lead Malware Intelligence Analyst

Security researcher with a focus on malvertising, exploits, and scams.

October 18, 2016 - The Sundown exploit kit is keeping us busy by switching from one variant to the next. This latest one clearly was inspired by the original source code and we take the time to explore it a little bit more.

October 17, 2016 - In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader followed by a banking Trojan.

September 27, 2016 - In the battle of exploit kits, RIG EK has earned some extra mileage by being leveraged in a high-profile malvertising attack on the popular website answers.com. The same domain shadowing campaigns that were popular in the Angler era are continuing with RIG now.

September 20, 2016 - The website for Just For Men, a company that sells various products for men, was breached and was serving a password-stealing Trojan. The malicious code embedded in the WordPress site was part of the EITest campaign and pushed the RIG exploit kit.

September 13, 2016 - With a rise in malvertising attacks lately, we take a look at an ad server pushing the Afraidgate, traditionally found on compromised sites.
